Loading ...
Sorry, an error occurred while loading the content.

REVIEW: "E-mail Virus Protection Handbook", Brian Bagnall/Chris

Expand Messages
  • Rob Slade, doting grandpa of Ryan and Tr
    BKEMLVRS.RVW 20001121 E-mail Virus Protection Handbook , Brian Bagnall/Chris O. Broomes/Ryan Russell, 2000, 1-928994-23-7, U$39.95/C$61.95 %A Brian
    Message 1 of 1 , Jan 9, 2001
    • 0 Attachment
      BKEMLVRS.RVW 20001121

      "E-mail Virus Protection Handbook", Brian Bagnall/Chris O.
      Broomes/Ryan Russell, 2000, 1-928994-23-7, U$39.95/C$61.95
      %A Brian Bagnall bagnall@...
      %A Chris O. Broomes
      %A Ryan Russell
      %C 800 Hingham Street, Rockland, MA 02370
      %D 2000
      %E James Stanger james@...
      %G 1-928994-23-7
      %I Syngress Media, Inc.
      %O U$39.95/C$61.95 781-681-5151 fax: 781-681-3585
      %O www.syngress.com amy@...
      %P 476 p.
      %T "E-mail Virus Protection Handbook"

      In the introduction, the technical editor for the book tells the story
      of how he sent off his Visa number to an email address, and
      subsequently had fraudulent charges made against it. He then supposes
      that the reader will, at that point, have lost faith in him. In my
      case this was quite wrong. We all give out credit card information
      very freely, in many situations that are less secure than the one
      described. No, I lost faith in him two paragraphs down, where he
      states that he now knows "today's cutting edge technologies" that
      ensure against such a thing happening. He then mentions SMTP (Simple
      Mail Transfer Protocol), DNS (Domain Name System), packet sniffing,
      and encryption, which have little relation to online credit card
      fraud, and no connection at all to viruses.

      Chapter one describes, rather tersely, a range of components and
      factors involved in email, some recent email viruses or worms, and a
      bit of virus terminology. There is also a little material on
      technologies loosely related to email security. However, there are
      also great gaping holes in the coverage, and a great many confidently
      stated errors. Servers aren't always "one to a box," viruses don't
      always have a payload (and trojans always do), and Melissa wasn't the
      first email worm to spread between users.

      Chapters two and three list some security weaknesses, and possible
      provisions, in Outlook 2000, Outlook Express 5, and Eudora 4.3. The
      PGP (Pretty Good Privacy) program is also recommended, and some points
      are made about its operation and use. The chapters are not well
      organized, and quite unclear in places. The advice is not always
      useful: chapter two states that the recommendation that you not open
      any attachment you haven't requested has no merit, but suggests that
      you not open any attachment that hasn't been encrypted with PGP.
      Since fewer people use PGP than use email, requesting and confirming
      is easier than checking PGP signatures.

      Some of the risks of using Web based email are discussed in chapter
      four, but the material concentrates on packet sniffing and other
      esoteric attacks and only peripherally notes that your email resides
      on someone else's machine (and is therefore subject to any security
      problems that they have). The installation processes for the McAfee,
      Norton, and PC-cillin antivirus programs are listed in chapter five.
      The overview of active content in chapter six is incomplete, contains
      numerous errors in the risk analysis, and is not clear about
      protection methods. Chapter seven superficially describes some
      commercial versions of the security grab bags known as personal

      Chapters eight to ten look at email server software, respectively
      discussing Windows 2000 Advanced Server and Red Hat Linux 6, MS
      Exchange 5.5, and Sendmail. Chapter nine is the most detailed and
      useful, the others basically suggesting that you shut everything down.
      Some content filters are briefly described in chapter eleven.

      Very little in the book relates to viruses as such, and even less to
      email viruses specifically. On the other hand, the text is not
      sufficiently comprehensive to be considered as a general work on email
      security. For those who are managing email systems and have given no
      thought to security, this work may point out some initial actions to
      take. If you are using these specific programs and versions.

      copyright Robert M. Slade, 2000 BKEMLVRS.RVW 20001121

      ====================== (quote inserted randomly by Pegasus Mailer)
      rslade@... rslade@... slade@... p1@...
      I'm sorry if I ever gave you the impression your input would have
      any effect on my decision for the outcome of this project.
      http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade
    Your message has been successfully submitted and would be delivered to recipients shortly.